In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.

For the ugly version, see my long comment in tortls.c

Conflicts:
	src/common/tortls.c

We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]

Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..

We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

Apparently some autoconf versions need this, while others don't.
This means documentation will be installed into share/doc/tor/.

This removes the Makefile.am from doc/design-paper and replaces it with
a static Makefile. We don't need to call it during the normal Tor build
process, as we don't need its targets normally. Keeping it around in
case we want to rebuild the pdf or ps files later.

I propose a backward-compatible change to the Tor connection
establishment protocol to avoid the use of TLS
renegotiation.

Rather than doing a TLS renegotiation to exchange
certificates and authenticate the original handshake, this
proposal takes an approach similar to Steven Murdoch's
proposal 124, and uses Tor cells to authenticate the
parties' identities once the initial TLS handshake is
finished.

rieo pointed out something isn't right here

Nick Mathewson authored 15 years ago and Sebastian Hahn committed 15 years ago

Updated a little by Sebastian

Nick Mathewson authored 15 years ago and Sebastian Hahn committed 15 years ago

Edited a little by Sebastian

This should be a very faithful conversion, preserving as much of the layout
of the old manpage as possible. This wasn't possible for the nt-service
and the DataDirectory/state parts. See a later commit for some small
cleanups.

Tiago Faria helped with the asciidoc conversion, big thanks!

The website wasn't used by our packages, and most users will not know how
to open html.en files anyways.

Karsten Loesing authored 15 years ago and Sebastian Hahn committed 15 years ago

We accidentally freed the internal buffer for bridge stats when we
were writing the bridge stats file or honoring a control port
request for said data. Change the interfaces for
geoip_get_bridge_stats* to prevent these problems, and remove the
offending free/add a tor_strdup.

Fixes bug 1208.

I believe  that since  we were allocating  *cp while holding  a mutex,
coverity deduced that  *cp must be protected by  that mutex, and later
flipped out  when we didn't  use it  that way. If  this is so,  we can
solve our problems by moving the *cp = tor_strdup(buf) part outside of
the mutex-protected code.

It's a bit confusing to have a loop where another function,
confusingly named "*_free", is responsible for advancing the loop
variable (or rather, for altering a structure so that the next time
the loop variable's initializer is evaluated it evaluates to something
different.)

Not only has this confused people: it's also confused coverity scan.
Let's fix that.

This might please coverity scan.

This was freaking out some relay operators without good reason, as
it is nothing the relay operator can do anything about anyways.

Quieting this warning suggested by rieo.

Peter Palfrader authored 15 years ago and Nick Mathewson committed 15 years ago

Does not deal with error handling in dump_microdescriptor's callers.

Resolved conflicts in:
	configure.in
	src/or/Makefile.am
	src/tools/Makefile.am

These options only work when using --with-(openssl|libevent)-dir to
explicitly pick a libevent or openssl location.

Peter Palfrader authored 15 years ago and Nick Mathewson committed 15 years ago

the new configure option --enable-gcc-warnings-advisory enables
all the gcc flags that --enable-gcc-warnings does with the
exception of -Werror.